Page MenuHomePhabricator
Create Task
Maniphest T346513

Phabricator Two-factor Authentication reset for Tommy_Kronkvist
Closed, ResolvedPublic
Actions

Description

I would need to reset the multi-factor authentication for my Phabricator account. The reason is that I've lost the cellphone where I had my 2FA/TOTP app. I'm currently logged in to Phabricator but will soon need to reinstall the operating system on the computer due to failing hardware. My Phabricator user page can be found here: https://phabricator.wikimedia.org/p/Tommy_Kronkvist/ and that page includes a user committed identity hash for my account. I added the user committed identity hash to my user page quite some time ago, and is also present on several of my user pages for different Wikimedia sister projects. My Phabricator user page also includes a link to my public PGP key which I use to sign (and occasionally encrypt) my email: tommykronkvist@me.com. My Phabricator account is connected to my MediaWiki user account, and that same email adress is used for both my Phabricator account as well as all the many Wikimedia sisters projects I'm active in.

Per https://www.mediawiki.org/wiki/Phabricator/Help/Two-factor_Authentication_Resets I hereby explicitly ask for creating a custom private Paste to verify my user committed identity hash. (I don't really know how this works, but hopes that the community will help me :-)

For reference, I'm an administrator, bureaucrat and interface administrator at Wikispecies, an administrator at Swedish Wikivoyage, and an administrator at Wikimedia Sweden (i.e. "WMSE", the Swedish Wikimedia Chapter). For more data regarding me and my Wikimedia activities, see my Wikimedia Global Account information: https://meta.wikimedia.org/wiki/Special:CentralAuth/Tommy_Kronkvist

I'm sorry if I'm going about this in the wrong way, but the information on the "Two-factor Authentication Reset" page isn't crystal clear.

Event Timeline

Tommy_Kronkvist created this task.Sep 16 2023, 11:17 PM
Peachey88 renamed this task from Two-factor Authentication reset to Phabricator Two-factor Authentication reset for Tommy_Kronkvist.Sep 16 2023, 11:28 PM
Aklapper merged a task: Restricted Task.Sep 17 2023, 2:03 PM
Aklapper added a subscriber: mmodell.
Aklapper added a comment.Sep 18 2023, 3:56 PM

Hi @Tommy_Kronkvist, I created a private paste at P52520 that you should be able to access.

Aklapper reassigned this task from Aklapper to Tommy_Kronkvist.Sep 20 2023, 10:33 AM
Tommy_Kronkvist added a comment.Sep 23 2023, 7:51 AM

Hello again @Aklapper. Thank you so much for your help! So I guess I should simply add my secret user committed identity hash text string to P52520? Regardless of the fact that the page there says "Please be aware that whatever you paste here will be publicly visible for the world to see. Do not paste private or sensitive information"?

Aklapper added a comment.Sep 23 2023, 1:31 PM
In T346513#9192914, @Tommy_Kronkvist wrote:

Regardless of the fact that the page there says "Please be aware that whatever you paste here will be publicly visible for the world to see. Do not paste private or sensitive information"?

Where and how to see that exactly, after which steps performed? Could you provide a screenshot?

P52520 is access-restricted to you and me so this should not be displayed.

Tommy_Kronkvist added a comment.Sep 23 2023, 3:26 PM
In T346513#9192997, @Aklapper wrote:

Where and how to see that exactly, after which steps performed? Could you provide a screenshot?
P52520 is access-restricted to you and me so this should not be displayed.

Here, after clicking the "Edit Paste" link in P52520 (per mediawiki:Phabricator/Help/Two-factor Authentication Resets).

P52520.png (1×1 px, 288 KB)

Base subscribed.Sep 23 2023, 3:45 PM

Passer by comment, the paste name does not turn to a link for me so I assume it is private enough at least for that

Aklapper added a comment.Sep 23 2023, 7:43 PM
In T346513#9193046, @Tommy_Kronkvist wrote:

Here, after clicking the "Edit Paste" link in P52520

Thanks, I had no idea. Different result here when I do that:

Screenshot from 2023-09-23 21-42-26.png (917×1 px, 70 KB)

Platonides subscribed.Sep 23 2023, 9:08 PM

@Tommy_Kronkvist you may also PGP-sign a statement that you are indeed requesting this in T346513, signed by the PGP key you listed here: https://species.wikimedia.org/wiki/User:Tommy_Kronkvist/PGP so there's no need to share secrets in private pastes.

Aklapper closed this task as Resolved.Sep 26 2023, 12:05 PM
Aklapper triaged this task as Low priority.
Aklapper added a project: Release-Engineering-Team (Priority Backlog 📥).

a6edd6d2fdbf82621f0cda4e5525c71f8da9b5dfd308242c3c63365e998c32c5406b75448380903265a5403edffd1a0435b61ac943f3c65870db9250f8b884a9 is listed on https://www.mediawiki.org/wiki/User:Tommy_Kronkvist which is linked to this Phabricator account, and it was added in November 2022 in https://www.mediawiki.org/w/index.php?title=User%3ATommy_Kronkvist&diff=5573545&oldid=5572910 by the user themselves.

Running cat ~/P52520 | sha512sum per https://wikitech.wikimedia.org/wiki/Phabricator#Removing_Two_Factor_Authentication creates the same SHA-512 commitment as on https://www.mediawiki.org/wiki/User:Tommy_Kronkvist so I have removed the 2FA from the Phabricator account. Thanks!

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits